Joomla

All CVEs

1,051 total · sorted by risk
  • CVE-2016-10033 · Cri · KEV · Dec 30, 2016
    risk 0.80 · cvss 9.8 · epss 1.00

    The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

  • CVE-2026-48907 · Cri · KEV · Jun 5, 2026
    risk 0.77 · cvss · epss 0.80

    A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

  • CVE-2017-8917 · Cri · May 17, 2017
    risk 0.75 · cvss 9.8 · epss 1.00

    SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-8869 · Cri · Nov 4, 2016
    risk 0.74 · cvss 9.8 · epss 0.97

    The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

  • CVE-2018-17254 · Cri · Sep 20, 2018
    risk 0.73 · cvss 9.8 · epss 0.83

    The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

  • CVE-2018-7314 · Cri · Feb 22, 2018
    risk 0.71 · cvss 9.8 · epss 0.60

    SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.

  • CVE-2018-6605 · Cri · Feb 5, 2018
    risk 0.71 · cvss 9.8 · epss 0.58

    SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.

  • CVE-2018-6580 · Cri · Feb 2, 2018
    risk 0.70 · cvss 9.8 · epss 0.37

    Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.

  • CVE-2018-6396 · Cri · Feb 17, 2018
    risk 0.69 · cvss 9.8 · epss 0.24

    SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.

  • CVE-2018-7313 · Cri · Feb 22, 2018
    risk 0.68 · cvss 9.8 · epss 0.20

    SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.

  • CVE-2016-10045 · Cri · Dec 30, 2016
    risk 0.68 · cvss 9.8 · epss 0.98

    The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail…

  • CVE-2018-17397 · Cri · Sep 28, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.

  • CVE-2018-17394 · Cri · Sep 28, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.

  • CVE-2018-17385 · Cri · Sep 28, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.

  • CVE-2018-17384 · Cri · Sep 28, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17383 · Cri · Sep 28, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.

  • CVE-2018-17380 · Cri · Sep 28, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.

  • CVE-2018-17379 · Cri · Sep 28, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17377 · Cri · Sep 28, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.

  • CVE-2018-17376 · Cri · Sep 28, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.

  • CVE-2018-17375 · Cri · Sep 28, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.

  • CVE-2018-7319 · Cri · Feb 22, 2018
    risk 0.67 · cvss 9.8 · epss 0.02

    SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.

  • CVE-2018-7318 · Cri · Feb 22, 2018
    risk 0.67 · cvss 9.8 · epss 0.09

    SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.

  • CVE-2018-7316 · Cri · Feb 22, 2018
    risk 0.67 · cvss 9.8 · epss 0.09

    Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.

  • CVE-2018-7315 · Cri · Feb 22, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.

  • CVE-2018-7312 · Cri · Feb 22, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.

  • CVE-2018-6024 · Cri · Feb 18, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.

  • CVE-2018-7179 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.

  • CVE-2018-7177 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.

  • CVE-2018-6394 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.

  • CVE-2018-6373 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.02

    SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.

  • CVE-2018-6372 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.

  • CVE-2018-6370 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.

  • CVE-2018-6005 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.

  • CVE-2018-6004 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.

  • CVE-2018-5994 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.

  • CVE-2018-5992 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.

  • CVE-2018-5991 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.

  • CVE-2018-5990 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.

  • CVE-2018-5989 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.

  • CVE-2018-5987 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay…

  • CVE-2018-5982 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.

  • CVE-2018-5980 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.04

    SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.

  • CVE-2018-5975 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.

  • CVE-2018-5974 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.

  • CVE-2018-5971 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.

  • CVE-2018-5970 · Cri · Feb 17, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.

  • CVE-2018-6609 · Cri · Feb 5, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.

  • CVE-2018-6581 · Cri · Feb 2, 2018
    risk 0.67 · cvss 9.8 · epss 0.03

    SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.

  • CVE-2018-6579 · Cri · Feb 2, 2018
    risk 0.67 · cvss 9.8 · epss 0.04

    SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.

Page 1 of 22